
The architecture is as follows:

WAS 7.0, 4 servers on 3 LPARs (12 instances); on them runs BPM, and the appliance in question is Business Space.

For ID we have AD DS (2 branches): one DC=principal.com, which is configured as the Global Catalog, and another one, DC=principal.com.offices.

WAS is pointing to DC=principal.com on port 3268 (Global Catalog).

For less than 1% of the users we have the following error:

They try to log in but they can't, and receive the message "Check your username and password"; in the logs we get the following message:

0000004c LTPAServerObj E  
SECJ0369E: Authentication failed when using LTPA. The exception is
CWWIM4529E  The password verification for the ' principal_name ' principal name failed 'e60083'. root cause: 'javax.naming.AuthenticationException:
[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment:
AcceptSecurityContext error, data 52e, v1db1]; Resolved object: 'com.sun.jndi.ldap.LdapCtx@519d519d''

A user was able to log in in the morning and has been getting the previously described error since the afternoon.

A user might be unable to log on from one computer and be able to do it from another one (on the same AD DS branch).

In another change control, not related to this issue, the WAS servers had to be restarted. The problem stopped immediately, and now it is starting again.

Any pointer to investigate would be very helpful. Thanks in advance.

Yusuf Khan
pointbraker
  • data 52e implies "Returns when username is valid but password/credential is invalid." If the user was "Entry not allowed to log on to this computer." we would expect to see data 531. – jwilleke Apr 26 '14 at 08:38
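The WebSphere event quoted in the question carries two separate codes: the LDAP result code (49, invalidCredentials) and the Active Directory sub-code after "data" (52e here), which is the part that actually distinguishes a wrong password from a lockout, a workstation restriction or a disabled account, as jwilleke's comment points out. The following script is an added example, not code from the original post or from WebSphere or IBM: it pulls the principal and both codes out of SECJ0369E/CWWIM4529E events and tallies the AD sub-codes per user, so that when a rollout of failures is being triaged one can see at a glance whether the affected population is all 52e or mixed with 775/531. The sample log below is constructed for the example (the principal names, timestamps and counts are made up; the DSID and message layout follow the line in the question), and the sub-code table is the one Microsoft documents for AcceptSecurityContext bind failures.

```python
import re
from collections import Counter

# AD sub-codes returned in the "data NNN" field of an LDAP result 49
# (AcceptSecurityContext error). Hex digits are matched case-insensitively.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (password rejected for a valid user name)",
    "530": "not permitted to logon at this time",
    "531": "not permitted to logon at this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}

# Matches the CWWIM4529E / javax.naming.AuthenticationException text as
# WebSphere prints it: the quoted principal, the LDAP result code, the
# AD error (80090308) and finally the "data" sub-code. DOTALL lets one
# event span several lines.
_EVENT_RE = re.compile(
    r"password verification for the '\s*(?P<principal>[^']+?)\s*' principal name failed"
    r".*?error code (?P<ldap_code>\d+) - (?P<ad_code>[0-9A-Fa-f]+):"
    r".*?data (?P<data>[0-9a-fA-F]+)",
    re.DOTALL,
)


def parse_bind_failure(event_text):
    """Return principal, LDAP result code, AD error and decoded sub-code for
    one bind-failure event, or None if the text is not such an event."""
    m = _EVENT_RE.search(event_text)
    if not m:
        return None
    data = m.group("data").lower()
    return {
        "principal": m.group("principal"),
        "ldap_code": int(m.group("ldap_code")),
        "ad_error": m.group("ad_code").lower(),
        "data": data,
        "meaning": AD_BIND_SUBCODES.get(data, "unknown sub-code"),
    }


def iter_bind_failures(log_blob):
    """Yield one parsed dict per bind-failure event found in a SystemOut blob."""
    for m in _EVENT_RE.finditer(log_blob):
        yield parse_bind_failure(m.group(0))


def summarize_failures(log_blob):
    """Map principal -> Counter of AD sub-codes seen for that principal."""
    per_user = {}
    for ev in iter_bind_failures(log_blob):
        per_user.setdefault(ev["principal"], Counter())[ev["data"]] += 1
    return per_user


def describe(summary):
    """Render the summary as one line per principal with decoded sub-codes."""
    lines = []
    for principal, codes in sorted(summary.items()):
        parts = [f"{code} x{n} ({AD_BIND_SUBCODES.get(code, 'unknown')})"
                 for code, n in codes.most_common()]
        lines.append(f"{principal}: " + "; ".join(parts))
    return lines


def _constructed_event(ts, principal, data):
    """Build a constructed SECJ0369E event in the layout of the question's log line."""
    return (
        f"[{ts}] 0000004c LTPAServerObj E   SECJ0369E: Authentication failed when using LTPA. "
        f"The exception is CWWIM4529E  The password verification for the ' {principal} ' principal "
        f"name failed 'e60083'. root cause: 'javax.naming.AuthenticationException: "
        f"[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: "
        f"AcceptSecurityContext error, data {data}, v1db1]; Resolved object: "
        f"'com.sun.jndi.ldap.LdapCtx@519d519d''"
    )


# Constructed sample log: two 52e failures for one user, a lockout and a
# workstation restriction for two others. Names and times are invented.
SAMPLE_LOG = "\n".join([
    _constructed_event("4/26/14 9:02:11:101 CDT", "jdoe", "52e"),
    _constructed_event("4/26/14 9:05:40:004 CDT", "jdoe", "52e"),
    _constructed_event("4/26/14 9:06:02:330 CDT", "asmith", "775"),
    _constructed_event("4/26/14 9:07:15:870 CDT", "bwong", "531"),
])

if __name__ == "__main__":
    for line in describe(summarize_failures(SAMPLE_LOG)):
        print(line)
```

Run it against a real SystemOut.log by passing the file contents to summarize_failures. A principal that shows only 52e never hit a lockout or logon restriction on the DC that answered, so the next question is which DC answered and what password WAS sent; to take WebSphere out of the loop, the same bind can be reproduced from the WAS host with OpenLDAP's ldapsearch against the GC port, for example ldapsearch -H ldap://dc.principal.com:3268 -x -D 'shortName\jdoe' -W -b 'DC=principal,DC=com' -s base (the host name is a placeholder), and the returned "data" value compared with the one in the log.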

1 Answer


I'm not sure if this will help but it may get you started.

We saw this error on a DC that did not allow anonymous binding. We had to provide the admin username and password in order to bind to the LDAP server, then pass the credentials for the user to authenticate in the search request. We also found that you need to prepend the admin account with the domain short name, i.e. shortName\administrator.